Author: Kedar Ghule

Priorities for CISO

A Guide About Priorities For Chief Information Security Officer (CISO)

A chief information security officer (CISO) is the senior-most executive responsible for establishing strategies to ensure that an organization's data and information are secure. Traditionally, a CISO works together with the CIO. The title CISO is often used interchangeably with Chief Security Officer (CSO) and Vice President of Security. The CISO generally reports to the CIO or CEO.

How to evaluate SaaS Provider?

List of Security and Operational Questions to Ask A SaaS Provider Before Signing Up

After you have decided to adopt cloud computing for your business, the next step is to look for a cloud services provider, and like many companies, you will be looking for a SaaS provider. These days you hear a lot about SaaS applications. SaaS stands for Software as a Service. Every company uses SaaS right now for something or the other, and the numbers are growing every day.


A Definitive List Of Various Compliances And What They Mean

Cyberattacks have been very prominent in the last decade. Just last week, social media giant Twitter fell prey to one, in which the accounts of prominent personalities like Elon Musk, Bill Gates, former U.S. President Barack Obama, and others were hacked. While we cannot stop these attacks completely, there are certain rules and regulations that, if followed, will significantly reduce the risks. Organizations often need to comply with several such rules and regulations, many of which overlap.

Stop Making These DevOps Mistakes

If You Are Doing These DevOps Things, You Are Doing It Completely Wrong

DevOps stands for Development and Operations Collaboration. It is a strategy or methodology that bridges the gap between the development team and the operations team. It is a practice in which the development and operations teams work together for the entire project cycle. DevOps facilitates continuous integration and delivery, and getting feedback from stakeholders in the early stages.


What is the difference between NIST, CIS/SANS 20, ISO 27001 Compliance Standards?

Due to the increasing instances of cyber-attacks in the last decade, establishing information security controls and assessments has become essential for organizations. These controls are necessary for an organization to strengthen its defenses against various security threats. There are compliance standards or frameworks which have distinguished themselves as the best practices for organizations to assess their current security plan and maturity. These standards or frameworks also help the organization set important security goals to improve its practices for protecting sensitive and critical assets. The frameworks I am talking about are NIST, CIS/SANS 20, and ISO 27001.

As A CIO Do You Have A Plan If A Data Breach Occurs

As A CIO Do You Have A Plan If A Data Breach Occurs At Your Organization?

Companies should draft a comprehensive incident response plan to tackle any future attacks. But what if you are the person in the company who is responsible for managing and implementing the IT infrastructure? The position I am talking about is that of a Chief Information Officer (CIO), or as most would like to call them, 'the sacrificial lambs of a data breach response.'

What is APRA Compliance

A Quick Introduction To APRA Compliance And How It Affects Your Cloud Hosted Applications?

APRA is an independent statutory authority that oversees institutions across banking, insurance, and superannuation and promotes financial system stability in Australia. It is the prudential regulator of the Australian financial services industry. In July 2015, APRA published an information paper titled 'Outsourcing involving shared computing services'. The paper focuses on the fundamental principles and prudential considerations that should be taken into account when utilizing cloud computing services.

Cloudanix - How to respond to data or security breach?

How to respond to a Data or Security Breach?

A data or security breach is a security incident in which information is accessed without authorization, thereby violating its confidentiality. A data or security breach can be caused by anyone, including an employee, a rival organization, or just a malicious agent. The motive can be any fraudulent activity like defamation, corporate espionage, disruption, or financial gain for the attacker.
